Attempt to add a multipath route where a nexthop definition refers to a
non-existent device causes 'ip' to crash and burn due to stack buffer
overflow:
# ip -6 route add fd00::1/64 nexthop dev fake1
Cannot find device "fake1"
Cannot find device "fake1"
Cannot find device "fake1"
...
Segmentation fault (core dumped)
Don't ignore errors from the helper routine that parses the nexthop
definition, and abort immediately if parsing fails.
Signed-off-by: Jakub Sitnicki <jkbs@redhat.com>
The offset and peer_offset parameters are only printed to avoid
confusing external scripts that may parse "ip l2tp show session"
output. There's no reason to keep them in JSON.
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Ignore options "peer-offset" and "offset" when creating sessions. Keep
them when dumping sessions in order to avoid breaking external scripts.
"peer-offset" has always been a noop in iproute2. "offset" is now
ignored in Linux 4.16 (and was broken before that).
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
A problem was reported with parsing of prefixes all/any/default.
Commit 7696f1097f fixes the problem,
but there were also other pathces applied:
00b31a6b2e, which were intended to
fix the same problem. And they became redundant now. This patch
reverts changes introduced by those redundant patches.
Signed-off-by: Alexander Zubkov <green@msu.ru>
Fixes warnings about strncpy size by using strlcpy.
tunnel.c: In function ‘tnl_gen_ioctl’:
tunnel.c:145:2: warning: ‘strncpy’ specified bound
16 equals destination size [-Wstringop-truncation]
strncpy(ifr.ifr_name, name, IFNAMSIZ);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Convert ip l2tp to use JSON output routines.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
ip vrf exec requires root or CAP_NET_ADMIN, CAP_SYS_ADMIN and
CAP_DAC_OVERRIDE. It is not possible to run unprivileged commands like
ping as non-root or non-cap-enabled due to this requirement.
To allow users and administrators to safely add the required
capabilities to the binary, drop all capabilities on start if not
invoked with "vrf exec".
Update the manpage with the requirements.
Signed-off-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Conflicts:
bridge/mdb.c
Updated bridge/bridge.c per removal of check_if_color_enabled by commit
1ca4341d2c ("color: disable color when json output is requested")
Signed-off-by: David Ahern <dsahern@gmail.com>
This reverts commit 9135c4d603.
Debian maintainer found that basic command:
# ip route flush all
No longer worked as expected which breaks user scripts and
expectations. It no longer flushed all IPv4 routes.
Reported-by: Luca Boccassi <bluca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
If kernel does not support the IP multicast address family,
then it will report all routes (PF_UNSPEC).
Give the user a better error message and abort the command.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Should be no change for non-json case except putting color
on address if desired.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Support printing mulitcast addresses in json and color mode.
Output format is unchanged for normal use.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
To benefit other users (e.g. link_veth.c) of iplink_parse() from
additional attribute checks and setups made in iplink_modify(). This
catches most of weired cobination of parameters to peer device
configuration.
Drop @name, @dev, @link, @group and @index from iplink_parse() parameters
list: they are not needed outside.
While there change return -1 to exit(-1) for group parsing errors: we
want to stop further command processing unless -force option is given
to get error line easily.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Both ip-link(8) and error message when "index" parameter is given for
set/delete case says that index can only be given during network
device creation.
Follow this documented behaviour and get rid of ambiguous behaviour in
case of both "dev" and "index" specified for ip link delete scenario
(actually "index" being ignored in favor to "dev").
Prohibit "index" when configuring/deleting group of network devices.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
Both of them accept network device name as argument, but have different
meaning:
dev - is a device by it's name,
name - name for specific device.
The only case where they treated separately is network device rename
case where need to specify both ifindex and new name. In rest of the
cases we can assume that dev == name.
With this change we do following:
1) Kill ambiguity with both "dev" and "name" parameters given the same
name:
ip link {add|set} dev veth100a name veth100a ...
2) Make sure we do not accept "name" more than once.
3) For VF and XDP treat "name" as "dev". Fail in case of "dev" is
given after VF and/or XDP parsing.
4) Make veth and vxcan to accept both "name" and "dev" as their peer
parameters, effectively following general ip-link(8) utility
behaviour on link create:
ip link add {name|dev} veth1a type veth peer {name|dev} veth1b
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
There is a couple of places where we report error in case of no network
device is found. In all of them we output message in the same format to
stderr and either return -1 or 1 to the caller or exit with -1.
Introduce new helper function nodev() that takes name of the network
device caused error and returns -1 to it's caller. Either call exit()
or return to the caller to preserve behaviour before change.
Use -nodev() in traffic control (tc) code to return 1.
Simplify expression for checking for argument being 0/NULL in @if
statement.
Signed-off-by: Serhey Popovych <serhe.popovych@gmail.com>
TX rate limit fields are unsigned (__u32).
Use %u and print_uint when printing.
Tested:
$ ip link set ens1 vf 1 rate 2294967296
$ ip link show |grep -iE "vf 1" | grep rate
before:
vf 1 MAC 00:00:00:00:00:00, tx rate -2000000000 (Mbps), max_tx_rate -2000000000Mbps, ...
after:
vf 1 MAC 00:00:00:00:00:00, tx rate 2294967296 (Mbps), max_tx_rate 2294967296Mbps, ...
Fixes: 3fd8663087 ("iproute2: rework SR-IOV VF support")
Fixes: 8c29ae7cc2 ("ip link: Fix crash on older kernels when show VF dev")
Fixes: f89a2a05ff ("Add support to configure SR-IOV VF minimum and maximum Tx rate through ip tool")
Fixes: ae7229d5f9 ("ip: Add support for setting and showing SR-IOV virtual funtion link params")
Fixes: d0e720111a ("ip: ipaddress.c: add support for json output")
Signed-off-by: Tariq Toukan <tariqt@mellanox.com>
add support to match on ip_proto, sport and dport ranges.
For ip_proto, this patch currently enumerates, tcp, udp and sctp.
This list can be extended in the future.
example:
$ip rule add sport 666-777 dport 999 ip_proto tcp table 100
$ip rule show
0: from all lookup local
32765: from all ip_proto 6 sport 666-777 dport 999 lookup 100
32766: from all lookup main
32767: from all lookup default
Signed-off-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Basic support for JSON output when showing network namespaces.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
The JSON support in macsec code was mostly missing and what was
there was broken. This uses new json_print utilities to complete
output.
Compile tested only.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Several places copy/paste same code for printing array of statistics.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Break long lines and use const as recommended by checkpatch.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Add JSON support to the ip tcp_metrics output.
$ ip -j -p tcp_metrics show
[ {
"dst": "192.18.1.11",
"age": 23617.8,
"ssthresh": 7,
"cwnd": 3,
"rtt": 0.039176,
"rttvar": 0.039176,
"source": "192.18.1.2"
}
...
The JSON output does scale values differently since there is no good
way to indicate units. The rtt values are displayed in seconds in
JSON and microseconds in the original (non JSON) mode. In the example
above the output in without the -j flag, the output would be
... rtt 39176us rttvar 39176us
I did this since all the other values in the JSON record are also in
floating point seconds.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Basic JSON support for ip netconf command.
Also cleanup some checkpatch warnings about long lines.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Add JSON (and limited color) to ip neighbor table parameter output.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Immediately after freeing the buffer returned from rtnl_talk(), it is
accessed again via pointer in struct rtattr array. This leads to some
builds not allowing to set an interface's MAC address because the
expected length value is garbage.
Fixes: 86bf43c7c2 ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Allow the specification of a protocol when the user
adds/modifies/deletes a rule.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Modify 'ip rule' command to notice when the kernel passes
to us the originating protocol.
Add code to allow the `ip rule flush protocol XXX`
command to be accepted and properly handled.
Modify the documentation to reflect these code changes.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
The iprule.c code was using `struct rtmsg` as the data
type to pass into the kernel for the netlink message.
While 'struct rtmsg' and `struct fib_rule_hdr` are
the same size and mostly the same, we should use
the correct data structure. This commit translates
the data structures to have iprule.c use the correct
one.
Additionally copy over the modified fib_rules.h file
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
For IP-in-IP tunnels, one can specify the [no]allow-localremote command
when configuring a device. Under the hood, this flips the
IP6_TNL_F_ALLOW_LOCAL_REMOTE flag on the netdevice. However, ip6gretap
and ip6erspan devices, where the flag is also relevant, are not IP-in-IP
tunnels, and thus there's no way to configure the flag on these
netdevices. Therefore introduce the command to link_gre6 as well.
The original support was introduced in commit 21440d19d9
("ip: link_ip6tnl.c/ip6tunnel.c: Support IP6_TNL_F_ALLOW_LOCAL_REMOTE flag")
Signed-off-by: Petr Machata <petrm@mellanox.com>
Signed-off-by: David Ahern <dsahern@gmail.com>
Instead of declaring -color and -json exclusive, ignore -color when
-json is provided. The rationale is to allow to put -color in an alias
for ip while still being able to use -json. -color is merely a
presentation suggestion and we can assume there is nothing to color in
the JSON output.
Signed-off-by: Vincent Bernat <vincent@bernat.im>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Even in brief mode the interface name should be printed
in color if desired. This makes output consistent across
regular and brief mode.
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Putting whole string "master eth0" in the interface name color
is wrong and confusing. Let's just turn color off for all attributes
of device.
Fixes: d92cc2d087 ("ipaddress: ll_map: Replace ll_idx_n2a() with ll_index_to_name()")
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: David Ahern <dsahern@gmail.com>
Stephen Hemminger
Jakub Sitnicki
Guillaume Nault
David Ahern
Alexander Zubkov
Stephen Hemminger
Luca Boccassi
Serhey Popovych
Tariq Toukan
Roopa Prabhu
Phil Sutter
Donald Sharp
Sabrina Dubroca
Petr Machata
Vincent Bernat